Just after my colleague posted a blog about "Skype Me/Spam Me" a few days back, I received a MSN spam message from one of my friends. The message claimed to be a "risk free" weight loss program and contained a link to a domain, which has already been blocked by SophosLabs about one month back. When opened, the page looks as follows:

After receiving the spam message I notified my friend and asked him to scan his computer for any malware infection on his system. However, no malware was found. Upon further investigation, I'm almost sure that my friend gave his username and password to some dodgy site which claimed to "legally" use customers' login info.

My immediate suggestion to my friend is to change the passwords ASAP. Customers should be aware that it is important to protect their IM's usernames and passwords to stop them getting into the wrong hands. When customers are asked to provide confidential information, it should be necessary to ask whether the information is relevant and how it will be used.